Development Update #2206

Here are some DNS-OARC development highlights from the past couple of months. These updates are usually bi-monthly and previous ones are available on our Medium blog.

Main focus: Check My DNS

As a result of my recent member survey and discussions with OARC’s Board, the project that will be my main focus for the next couple of years will be Check My DNS (CMDNS) and there are tons of new stuff planned!

First, I will redesign the UI to support the selection of which checks, or sets of checks, to run. I’m also adding a separate UI that is more mobile-friendly and less animation-heavy. That will be the quick check/run one whilst the other will be for more in-depth analysis.

Drafts of these UIs are available on the test instance of CMDNS:
- Slim: https://tcmdns.dev.dns-oarc.net/slim/
- Console: https://tcmdns.dev.dns-oarc.net/console/

More around this will be presented at upcoming OARC 38.

Authority DoT & DoQ checks

During the DNS working group at RIPE 84 Sara Dickinson (Sinodun) presented about the status of DNS-over-QUIC (DoQ, RFC 9250) and the DPRIVE draft around probing for the support.

Sara’s presentation inspired me to add checks for the probing and it also reminded me that I started adding support for DNS-over-TLS (DoT) some time ago but never finished it (doh!).

I’m now happy to announce that these checks are available on the test instance of CMDNS and you can run these yourself using cmdns-cli— if you have a DoT/DoQ probe-able resolver that is :)

$ ./cmdns-cli -addr tcmdns.dev.dns-oarc.net -done -res 172.17.0.7:53 -checks trans_dot | grep complete | json_pp
connecting to wss://tcmdns.dev.dns-oarc.net:443/ws/

{
“complete” : {
“id” : “b597llgtit7637tl772rh63e8o”,
“msg” : “Queries total:14 over-DoT:11”,
“succ” : true
}
}

The above was done using PowerDNS recursor v4.7.x with their variant of DoT probing… which I also found some bugs in that’s been fixed so v4.7.1 should be out soon!

If you want to test for DoQ then use `-checks trans_doq` and you can use `-res` to point at the resolver you want to use.

Also, if you have any questions, ideas, comments or feedback around this then find me on our Mattermost.

New Go library: golang-dns-server-doq

To support DNS-over-QUIC in CMDNS I first tried to add it to miekg’s DNS library but they were not too happy about the dependency requirements that quic-go introduced and I totally understand that!

So I created a new library that mimics the `dns.Server` part and has support for DoQ (only DoQ).

https://github.com/DNS-OARC/golang-dns-server-doq

I’m currently waiting on some interface changes to miekg’s DNS library before I can do the first release of this new library.

UPDATE! UPDATE! READ ALL ABOUT IT!

Between writing and publishing this the interface changes were merged and I was able to release the new Go library. That also means that the `trans_dot` and `trans_doq` checks are now available on the main instance of CMDNS. Enjoy :D

Scaling back less-used software

We have recently decided to scale back support for some of our less-used software, in order to best focus development resources. OARC maintains a growing number of projects and it’s time to start phasing out some of them that see no activity or are not relevant anymore.

To that extent, a few projects have been placed in “maintenance only” and a couple have been “discontinued”.

Maintenance only projects will not receive any further active development, but we will still handle reported issues and/or funded feature requests.

The projects that are now maintenance only are:

  • dnsmeter — Tool for testing performance of nameservers
  • drool — drool is a tool to replay DNS traffic
  • ripeatlas — Go bindings for RIPE Atlas API

Discontinued projects will not receive any further development, support or bug fixing. This is a natural evolution since these projects have not had any updates or contributions for many years.

Discontinued projects are:

  • dsp — DNS Statistics Presenter (DSP) can be used to display statistics collected by DSC
  • p5-Net-GetDNS — Perl bindings for getdns, a modern asynchronous DNS API

New Releases

And with that we go to a short summary of the recent releases since the last development update.

dnsjit

dsc-datatool

  • In release v1.1.0 we added support for Prometheus’ node_exporter using its Textfile Collector, fixed a bug in InfluxDB output and updated Grafana test site dashboards.
  • Release v1.2.0 fixed handling of base64'ed strings in DSC XML and added a new option for Prometheus output to set a prefix for metrics.

packetq

  • New columns `qlabels` / `alabels` (number of labels in `qname` / `aname`) was added in v1.7.0 along with functions for looking up country code (`CC()`) and autonomous system number (`ASN()`).
  • Release v1.7.1 fixed a bug in the domain name parsing that cuts off very long names.

dsc

  • Release v2.13.1 were mainly for build and packages because MaxMind has announced that the databases for GeoIP will be EOL May 2022 and recommends switching to GeoIP2 databases and libmaxminddb.

dnscap

  • In v2.0.3 an issue was fixed with the filtering of DNS where messages without a question section would bypass it.

Until next time, cheers!
/Jerry

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store